cvedb.io
CVE-2022-28568
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-05-04T15:15:13.040 · Last modified 2026-06-17T04:38:39.543

Summary

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.

Affected products

simple_doctor\'s_appointment_system_project — simple_doctor\'s_appointment_system

Does this affect you?

Add your gear to cvedb and we'll alert you only when simple_doctor\'s_appointment_system_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.